CyberSecurity Newsletter 26th February 2024
In this week’s news: Optum Healthcare breached? PayPal patents cookie security method, SSH-Snake worm threatens networks, botnet malware targets Apache stacks, Outlook 0-Day, the AWS ransomware con, LockBit is back, a Chinese leak shakes everything, regulators investigate the MGM leak, and a ConnectWise ScreenConnect vulnerability is exploited in the wild.
Optum Healthcare down due to CyberSecurity Event:
https://status.changehealthcare.com/
PayPal has filed a patent application for a novel method that can identify when a "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks:
https://www.bleepingcomputer.com/news/security/paypal-files-patent-for-new-method-to-detect-stolen-cookies/
SSH-Snake: New Self-Modifying Worm Threatens Networks:
https://sysdig.com/blog/ssh-snake/
Lucifer DDoS botnet Malware is Targeting Apache Big-Data Stack:
https://www.aquasec.com/blog/lucifer-ddos-botnet-malware-is-targeting-apache-big-data-stack/
Crooks stole nearly $10 million from the wallet of one of the co-founders of the video game Axie Infinity and the related Ronin Network:
https://securityaffairs.com/159542/cyber-crime/10-million-stolen-from-axie-infinity-cofounder.html
Outlook Users Beware 0-Day Exploit Released On Hacking Forums:
https://gbhackers.com/outlook-exploit-warning-0-day/
Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks:
https://www.bleepingcomputer.com/news/security/apple-adds-pq3-quantum-resistant-encryption-to-imessage/
AWS Ransomware, analysis of a con:
https://dfir.ch/posts/aws_ransomware/
Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement:
https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html
An apparent leak of internal documents from a Chinese hacking contractor paints a picture of a disaffected, poorly paid workforce that nonetheless penetrated multiple regional governments and possibly NATO:
https://www.databreachtoday.co.uk/chinese-hacking-contractor-isoon-leaks-internal-documents-a-24405
http://web.archive.org/web/20240222162355/https://github.com/I-S00N/I-S00N/issues/52
In an advisory today, Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defence sector on behalf of the North Korean government:
https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/
Avast ordered to stop selling browsing data from its browsing privacy apps:
https://arstechnica.com/tech-policy/2024/02/avast-ordered-to-stop-selling-browsing-data-from-its-browsing-privacy-apps/
CVE-2024-23897 - Jenkins <= 2.441 & <= LTS 2.426.2 PoC And Scanner:
https://www.kitploit.com/2024/02/cve-2024-23897-jenkins-2441-lts-24262.html
RCMP is investigating the cyber attack as its website remains down:
https://www.bleepingcomputer.com/news/security/rcmp-investigating-cyber-attack-as-its-website-remains-down/
MGM Resorts says regulators probing September cyber attack:
https://www.itnews.com.au/news/mgm-resorts-says-regulators-probing-september-cyber-attack-605472
A critical ConnectWise ScreenConnect vulnerability that puts thousands of servers at risk of takeover is actively being exploited in the wild:
https://www.scmagazine.com/news/connectwise-exploit-could-spur-ransomware-free-for-all-expert-warns
The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector:
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-restores-servers-after-police-disruption/
Microsoft is testing a method for Windows 11 users to apply security patches without having to reboot:
https://www.techspot.com/news/102015-windows-11-latest-feature-eliminate-reboots-os-updates.html
Fraudsters hacked into the MicroStrategy account and published a phishing message about the airdrop of the $MSTR token. In total, the hackers managed to steal at least $440,000:
https://twitter.com/GNcrypto_news/status/1761997649631187162#m